WonderMan: I have multiples of all consoles I play around with. This lets me keep different firmware versions such as the v1.10 PS3 and the v3.15 PS3. Sony also changes the hardware inside a PS3 many times over its life, even when it appears to be the same externally. This is another reason I have multiples, to be able to play around on the different hardware. I have not broken any yet…

Another noob question: as you have mentioned in your reply that you have multiple PS3s with different firmware, can you tell us a little bit about your experience of the same exploit on different PS3s? Or have you only tried it on one?

Even if you write a post explaining what this exploit does and does not do, people will still not understand, for some reason people just want an ISO loader, with no real understanding on why not or willing to work and design their own programs.

My hat is off to you, in picking up where Geohot left off after his quick 15 minutes of worldwide ‘net fame.

@tom: thanks for the reply
@Xorloser: thanks for the reply too, and I would appreciate it if you can take out some time and write something about the outcome of what you are doing. I have been tracking information about this since I heard about geohot and his blog, but I am still not very clear as to where this whole experiment is leading us.

and as Tom said “this might lead us to homebrew” what exactly would we (the general public) be getting as final product?

As I keep saying there are future posts to come that will talk more about usage of the exploit and what it can do. I have to first prepare the software to a stage where it is good enough to release. I also have to work and live my life 😉 Patience people, there is more to come.

I have contacted a person who’s working under the name Gaki. He claims he has the necessary drivers for the Zego RSX VGA. He’s looking for people who were able to run this exploit. His goal is to mod the drivers so that they can work on PS3-Linux. If you’re interested then please contact him on haxnetwork.net. Look for the IRC button on top.

Today I verified my theories about running the isolated SPUs as crypto engines. I believe that defeats the last technical argument against the PS3 being hacked.

In OtherOS, all 7 SPUs are idle. You can command an SPU (which I’ll leave as an exercise to the reader) to load metldr, from that load the loader of your choice, and from that decrypt what you choose, everything from pkgs to selfs. Including those from future versions.

The PPU is higher on the control chain than the SPUs. Even if checks were to be added to, for example, verify the hypervisor before decrypting the kernel, with clever memory mappings you can hide your modified hypervisor.

Ah, but you still didn’t get the Cell root key. And I/we never will. But it doesn’t matter. For example, we don’t have either the iPhone or PSP “root key”. But I don’t think anyone doubts the hackedness of those systems.